0
votes

I created an Azure app registration:

demo

I used ADAL for authentication:

demo2

The problem is that when I decrypt the generated tokens (SharePoint and Graph API), I get:

"scp": "User.Read",

I need to know :

  • Why do I get only this permission in the scope claim?
  • How can I get all permissions?

Thanks,

1
Have you consented to all those permissions? - juunas
@juunas: do you mean admin consent? I think it is not required for these permissions - Lamloumi Afif
That depends on your tenant settings (user consent can be disabled entirely). Though I'm guessing in this case it might be the behaviour of the v1 endpoint where if you have already consented to something on an API, it'll just give you the token with those, regardless that you added more. You can add prompt=consent to the authorization URL when your app redirects you to log in. This will force consenting to all permissions again. - juunas
I think you are right, can you post your comment as an answer? Thanks - Lamloumi Afif

1 Answer

2
votes

I'm guessing in this case it might be the behaviour of the v1 endpoint where if you have already consented to something on an API, it'll just give you the token with those, regardless that you added more.

You can add prompt=consent to the authorization URL when your app redirects you to log in. This will force consenting to all permissions again.
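Added example, not part of the original answer or of ADAL: it builds a v1 authorization URL carrying prompt=consent and then checks which expected delegated permissions are still absent from a token's "scp" claim. The tenant, client id, redirect URI, the Sites.Read.All permission and the sample token are constructed assumptions, and the function names are hypothetical.

```javascript
// Added illustration: all identifiers and values below are constructed placeholders.
const AUTHORITY = 'https://login.microsoftonline.com';

// Build a v1 authorization request that forces the consent screen again.
function buildAuthorizeUrl({ tenant, clientId, redirectUri, resource, state }) {
  const url = new URL(`${AUTHORITY}/${encodeURIComponent(tenant)}/oauth2/authorize`);
  url.search = new URLSearchParams({
    client_id: clientId,
    response_type: 'code',
    redirect_uri: redirectUri,
    resource,            // v1 requests a resource URI, not per-request scopes
    state,               // per-request anti-CSRF value
    prompt: 'consent',   // re-prompt so newly added permissions get consented
  }).toString();
  return url.toString();
}

// Decode a JWT payload for inspection only. The signature is NOT verified,
// so the result must never drive an authorization decision.
function decodeClaims(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Return the expected delegated permissions that "scp" does not contain.
function missingScopes(jwt, expected) {
  const granted = new Set((decodeClaims(jwt).scp || '').split(' ').filter(Boolean));
  return expected.filter((s) => !granted.has(s));
}

// Constructed sample token with the claim from the question: "scp": "User.Read".
function sampleToken() {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  const payload = { aud: 'https://graph.microsoft.com', scp: 'User.Read' };
  return `${enc({ alg: 'none' })}.${enc(payload)}.sig`;
}
```

Running missingScopes on a token obtained after the prompt=consent round trip shows whether the re-consent actually added the permissions.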